CODEWITHSUNDEEP
azureasp.net-web-api
Paul0515
Paul0515

Reputation: 25435

How to config an web-api project in azure?

We're developing a web-api back-end ... implemented some calls, done in c# with sqlserver etc. The backend will have more than one client apps. One would be a website, one would be a mobile app using phonegap, and hopefully we get more client apps using the service ...

We would like to setup the web-api project independent from the website stuff and NOT run into crossdomain issues.

Could a reverse proxy be used for this? Or maybe a vpn in azure? Any other suggestions?

Paul

Upvotes: 0

Views: 190

Answers (2)

Morten
Morten

Reputation: 339

There are a couple of things you need to do:

Set up your WebApi to support CORS (Cross Origin Resource Sharing). You can do this easily by installing the Cors Nuget package from Microsoft:

Install-Package Microsoft.AspNet.WebApi.Cors

Then you need to enable cors early in the application lifetime, for example in the Application_Start section of global.asax:

GlobalConfiguration.Configuration.EnableCors();

See this link for more details: http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api

I see that you are concerned about security. Good. Then you may need to do two more thing to get your CORS to play nicely.

First, you should really look into creating a custom Cors policy provider (see the link above). Since you are hosting your WebApi in Azure, make it easy to configure the allowed origins. This should be a whitelist of only the websites you want to allow on your webapi.

Second, I assume that your user is authenticated on the website. I also assume that the way you call the WebApi is via jQuery or some other provider that uses jQuery as a transport (such as BreezeJS). To pass on the authentication details to your WebApi, jQuery needs to know that it should do that. The easiest way to do this is to set a global setting on your website:

$.ajaxSetup({ crossDomain: true, xhrFields: { withCredentials: true } });

A good tip for knowing exactly what goes wrong (because from experience, something will), is to use Chrome to test. Then you can open this link and see all the details of what is happening on the wire: chrome://net-internals/#events

Happy coding! :)

Upvotes: 1

Thiago Custodio
Thiago Custodio

Reputation: 18387

Create a Cloud Services (Web Role - MVC 4 web application), then deploy your webapi to there. Just make sure your webapi handle CORS issues, so you can call the api from both clients.

More info: Enabling Cross-Origin Requests in ASP.NET Web API

PS: I'm working in a project that works exactly as you said. A website and mobile app as clients of my webapi on azure and we are doing like this. It's working pretty well.

Upvotes: 0

Related Questions